Package org.bouncycastle.crypto.signers

Class ECNRSigner

java.lang.Object

org.bouncycastle.crypto.signers.ECNRSigner

All Implemented Interfaces:

DSA, DSAExt

public class ECNRSigner
extends Object
implements DSAExt

EC-NR as described in IEEE 1363-2000 - a signature algorithm for Elliptic Curve which also offers message recovery.

Constructor Summary

Constructors

Constructor	Description
ECNRSigner()

Method Summary

Modifier and Type	Method	Description
BigInteger[]	generateSignature(byte[] digest)	generate a signature for the given message using the key we were initialised with.
BigInteger	getOrder()	Get the order of the group that the r, s values in signatures belong to.
byte[]	getRecoveredMessage(BigInteger r, BigInteger s)	Returns the data used for the signature generation, assuming the public key passed to init() is correct.
void	init(boolean forSigning, CipherParameters param)	Initialise the signer.
boolean	verifySignature(byte[] digest, BigInteger r, BigInteger s)	return true if the value r and s represent a signature for the message passed in.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ECNRSigner

public ECNRSigner()

Method Details

init

public void init(boolean forSigning,
 CipherParameters param)

Initialise the signer.

Specified by:

init in interface DSA

Parameters:

forSigning - true if we are generating a signature, false for verification or if we want to use the signer for message recovery.

param - key parameters for signature generation.

getOrder

public BigInteger getOrder()

Description copied from interface: DSAExt

Get the order of the group that the r, s values in signatures belong to.

Specified by:

getOrder in interface DSAExt

generateSignature

public BigInteger[] generateSignature(byte[] digest)

generate a signature for the given message using the key we were initialised with. Generally, the order of the curve should be at least as long as the hash of the message of interest, and with ECNR it *must* be at least as long.

Specified by:

generateSignature in interface DSA

Parameters:

digest - the digest to be signed.

Returns:

two big integers representing the r and s values respectively.

Throws:

DataLengthException - if the digest is longer than the key allows

verifySignature

public boolean verifySignature(byte[] digest,
 BigInteger r,
 BigInteger s)

return true if the value r and s represent a signature for the message passed in. Generally, the order of the curve should be at least as long as the hash of the message of interest, and with ECNR, it *must* be at least as long. But just in case the signer applied mod(n) to the longer digest, this implementation will apply mod(n) during verification.

Specified by:

verifySignature in interface DSA

Parameters:

digest - the digest to be verified.

r - the r value of the signature.

s - the s value of the signature.

Throws:

DataLengthException - if the digest is longer than the key allows

getRecoveredMessage

public byte[] getRecoveredMessage(BigInteger r,
 BigInteger s)

Returns the data used for the signature generation, assuming the public key passed to init() is correct.

Returns:

null if r and s are not valid.